Sd Wan 110 Firmware
CVE-2022-27506
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
AnalysisAI
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Affected products include: Citrix Sd-Wan 110 Firmware, Citrix Sd-Wan 210 Firmware, Citrix Sd-Wan 400 Firmware, Citrix Sd-Wan 410 Firmware, Citrix Sd-Wan 1000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Sd Wan 110 Firmware
View allReflected cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no a
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 al
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today